Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/05/07 15:14:19 UTC
svn commit: r1678189 - in /tomcat/trunk/java/org/apache/tomcat/util/net:
AprEndpoint.java SSLHostConfig.java jsse/JSSESocketFactory.java
Author: markt
Date: Thu May 7 13:14:19 2015
New Revision: 1678189
URL: http://svn.apache.org/r1678189
Log:
Refactor as per Remy's suggestion
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1678189&r1=1678188&r2=1678189&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Thu May 7 13:14:19 2015
@@ -367,7 +367,7 @@ public class AprEndpoint extends Abstrac
if (isSSLEnabled()) {
for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
- if (sslHostConfig.getCertificateFileAbsolute() == null) {
+ if (SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateFile()) == null) {
// This is required
throw new Exception(sm.getString("endpoint.apr.noSslCertFile"));
}
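Review bot: The required-certificate check on the changed `if` line still lets an empty `certificateFile` through, because the comment and guard visible in `SSLHostConfig.adjustRelativePath` indicate that null and empty paths are left as they are, so `""` comes back non-null and the failure moves to certificate loading. Resolving the path is also unnecessary here, since only presence is tested and the result is discarded. Testing the raw value covers both cases: `String certFile = sslHostConfig.getCertificateFile();` followed by `if (certFile == null || certFile.length() == 0) {`. The rest of `adjustRelativePath` and the enclosing method are outside the hunk, so the pass-through behaviour is inferred from that comment.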
@@ -485,19 +485,24 @@ public class AprEndpoint extends Abstrac
// List the ciphers that the client is permitted to negotiate
SSLContext.setCipherSuite(ctx, sslHostConfig.getCiphers());
// Load Server key and certificate
- SSLContext.setCertificate(ctx, sslHostConfig.getCertificateFileAbsolute(),
- sslHostConfig.getCertificateKeyFileAbsolute(),
+ SSLContext.setCertificate(ctx,
+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateFile()),
+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateKeyFile()),
sslHostConfig.getCertificateKeyPassword(), SSL.SSL_AIDX_RSA);
// Set certificate chain file
- SSLContext.setCertificateChainFile(
- ctx, sslHostConfig.getCertificateChainFileAbsolute(), false);
+ SSLContext.setCertificateChainFile(ctx,
+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateChainFile()),
+ false);
// Support Client Certificates
- SSLContext.setCACertificate(ctx, sslHostConfig.getCaCertificateFileAbsolute(),
- sslHostConfig.getCaCertificatePathAbsolute());
+ SSLContext.setCACertificate(ctx,
+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
+ SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
// Set revocation
SSLContext.setCARevocation(ctx,
- sslHostConfig.getCertificateRevocationListFileAbsolute(),
- sslHostConfig.getCertificateRevocationListPathAbsolute());
+ SSLHostConfig.adjustRelativePath(
+ sslHostConfig.getCertificateRevocationListFile()),
+ SSLHostConfig.adjustRelativePath(
+ sslHostConfig.getCertificateRevocationListPath()));
// Client certificate verification
switch (sslHostConfig.getCertificateVerification()) {
case NONE:
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1678189&r1=1678188&r2=1678189&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Thu May 7 13:14:19 2015
@@ -52,7 +52,6 @@ public class SSLHostConfig {
// Common
private String certificateKeyPassword = null;
private String certificateRevocationListFile;
- private String certificateRevocationListFileAbsolute;
private CertificateVerification certificateVerification = CertificateVerification.NONE;
private int certificateVerificationDepth = 10;
private String ciphers = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
@@ -62,7 +61,6 @@ public class SSLHostConfig {
private String certificateKeyAlias;
private String certificateKeystorePassword = "changeit";
private String certificateKeystoreFile = System.getProperty("user.home")+"/.keystore";
- private String certificateKeystoreFileAbsolute = adjustRelativePath(certificateKeystoreFile);
private String certificateKeystoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider");
private String certificateKeystoreType = System.getProperty("javax.net.ssl.keyStoreType");
private String keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
@@ -72,23 +70,16 @@ public class SSLHostConfig {
private String trustManagerClassName;
private String truststoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
private String truststoreFile = System.getProperty("javax.net.ssl.trustStore");
- private String truststoreFileAbsolute = adjustRelativePath(truststoreFile);
private String truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
private String truststoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
private String truststoreType = System.getProperty("javax.net.ssl.trustStoreType");
// OpenSSL
private String certificateChainFile;
- private String certificateChainFileAbsolute;
private String certificateFile;
- private String certificateFileAbsolute;
private String certificateKeyFile;
- private String certificateKeyFileAbsolute;
private String certificateRevocationListPath;
- private String certificateRevocationListPathAbsolute;
private String caCertificateFile;
- private String caCertificateFileAbsolute;
private String caCertificatePath;
- private String caCertificatePathAbsolute;
private boolean disableCompression = true;
private boolean disableSessionTickets = false;
private boolean insecureRenegotiation = false;
@@ -156,19 +147,12 @@ public class SSLHostConfig {
public void setCertificateRevocationListFile(String certificateRevocationListFile) {
this.certificateRevocationListFile = certificateRevocationListFile;
- this.certificateRevocationListFileAbsolute =
- adjustRelativePath(certificateRevocationListFile);
}
public String getCertificateRevocationListFile() {
return certificateRevocationListFile;
}
- public String getCertificateRevocationListFileAbsolute() {
- return certificateRevocationListFileAbsolute;
- }
-
-
public void setCertificateVerification(String certificateVerification) {
@@ -287,16 +271,12 @@ public class SSLHostConfig {
public void setCertificateKeystoreFile(String certificateKeystoreFile) {
setProperty("certificateKeystoreFile", Type.JSSE);
this.certificateKeystoreFile = certificateKeystoreFile;
- this.certificateKeystoreFileAbsolute = adjustRelativePath(certificateKeystoreFile);
}
public String getCertificateKeystoreFile() {
return certificateKeystoreFile;
}
- public String getCertificateKeystoreFileAbsolute() {
- return certificateKeystoreFileAbsolute;
- }
public void setCertificateKeystorePassword(String certificateKeystorePassword) {
@@ -401,16 +381,12 @@ public class SSLHostConfig {
public void setTruststoreFile(String truststoreFile) {
setProperty("truststoreFile", Type.JSSE);
this.truststoreFile = truststoreFile;
- this.truststoreFileAbsolute = adjustRelativePath(truststoreFile);
}
public String getTruststoreFile() {
return truststoreFile;
}
- public String getTruststoreFileAbsolute() {
- return truststoreFileAbsolute;
- }
public void setTruststorePassword(String truststorePassword) {
@@ -459,92 +435,67 @@ public class SSLHostConfig {
public void setCertificateChainFile(String certificateChainFile) {
setProperty("certificateChainFile", Type.OPENSSL);
this.certificateChainFile = certificateChainFile;
- this.certificateChainFileAbsolute = adjustRelativePath(certificateChainFile);
}
public String getCertificateChainFile() {
return certificateChainFile;
}
- public String getCertificateChainFileAbsolute() {
- return certificateChainFileAbsolute;
- }
public void setCertificateFile(String certificateFile) {
setProperty("certificateFile", Type.OPENSSL);
this.certificateFile = certificateFile;
- this.certificateFileAbsolute = adjustRelativePath(certificateFile);
}
public String getCertificateFile() {
return certificateFile;
}
- public String getCertificateFileAbsolute() {
- return certificateFileAbsolute;
- }
public void setCertificateKeyFile(String certificateKeyFile) {
setProperty("certificateKeyFile", Type.OPENSSL);
this.certificateKeyFile = certificateKeyFile;
- this.certificateKeyFileAbsolute = adjustRelativePath(certificateKeyFile);
}
public String getCertificateKeyFile() {
return certificateKeyFile;
}
- public String getCertificateKeyFileAbsolute() {
- return certificateKeyFileAbsolute;
- }
public void setCertificateRevocationListPath(String certificateRevocationListPath) {
setProperty("certificateRevocationListPath", Type.OPENSSL);
this.certificateRevocationListPath = certificateRevocationListPath;
- this.certificateRevocationListPathAbsolute =
- adjustRelativePath(certificateRevocationListPath);
}
public String getCertificateRevocationListPath() {
return certificateRevocationListPath;
}
- public String getCertificateRevocationListPathAbsolute() {
- return certificateRevocationListPathAbsolute;
- }
public void setCaCertificateFile(String caCertificateFile) {
setProperty("caCertificateFile", Type.OPENSSL);
this.caCertificateFile = caCertificateFile;
- this.caCertificateFileAbsolute = adjustRelativePath(caCertificateFile);
}
public String getCaCertificateFile() {
return caCertificateFile;
}
- public String getCaCertificateFileAbsolute() {
- return caCertificateFileAbsolute;
- }
public void setCaCertificatePath(String caCertificatePath) {
setProperty("caCertificatePath", Type.OPENSSL);
this.caCertificatePath = caCertificatePath;
- this.caCertificatePathAbsolute = adjustRelativePath(caCertificatePath);
}
public String getCaCertificatePath() {
return caCertificatePath;
}
- public String getCaCertificatePathAbsolute() {
- return caCertificatePathAbsolute;
- }
public void setDisableCompression(boolean disableCompression) {
@@ -582,7 +533,7 @@ public class SSLHostConfig {
// --------------------------------------------------------- Support methods
- private String adjustRelativePath(String path) {
+ public static String adjustRelativePath(String path) {
// Empty or null path can't point to anything useful. The assumption is
// that the value is deliberately empty / null so leave it that way.
if (path == null || path.length() == 0) {
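Review bot: `adjustRelativePath` becomes `public static` on the changed signature line without a Javadoc, so its contract is now public API described only by an internal comment. Every key, certificate, CA and CRL path in `AprEndpoint` and `JSSESocketFactory` now goes through it at the point of use, so the Javadoc should say that null and empty input are returned unchanged, which base a relative path is resolved against, and whether the result is checked for existence (it appears not to be, but the body continues outside the hunk). It could open with `/** Converts a configured relative path to an absolute one; null or empty input is returned unchanged. */`.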
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1678189&r1=1678188&r2=1678189&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Thu May 7 13:14:19 2015
@@ -170,7 +170,7 @@ public class JSSESocketFactory implement
protected KeyStore getTrustStore() throws IOException {
KeyStore trustStore = null;
- String truststoreFile = sslHostConfig.getTruststoreFileAbsolute();
+ String truststoreFile = SSLHostConfig.adjustRelativePath(sslHostConfig.getTruststoreFile());
String truststoreType = sslHostConfig.getTruststoreType();
String truststoreProvider = sslHostConfig.getTruststoreProvider();
@@ -261,7 +261,8 @@ public class JSSESocketFactory implement
public KeyManager[] getKeyManagers() throws Exception {
String keystoreType = sslHostConfig.getCertificateKeystoreType();
String keystoreProvider = sslHostConfig.getCertificateKeystoreProvider();
- String keystoreFile = sslHostConfig.getCertificateKeystoreFileAbsolute();
+ String keystoreFile = SSLHostConfig.adjustRelativePath(
+ sslHostConfig.getCertificateKeystoreFile());
String keystorePass = sslHostConfig.getCertificateKeystorePassword();
String keyAlias = sslHostConfig.getCertificateKeyAlias();
String algorithm = sslHostConfig.getKeyManagerAlgorithm();
@@ -301,7 +302,8 @@ public class JSSESocketFactory implement
public TrustManager[] getTrustManagers() throws Exception {
String algorithm = sslHostConfig.getTruststoreAlgorithm();
- String crlf = sslHostConfig.getCertificateRevocationListFileAbsolute();
+ String crlf = SSLHostConfig.adjustRelativePath(
+ sslHostConfig.getCertificateRevocationListFile());
String className = sslHostConfig.getTrustManagerClassName();
if(className != null && className.length() > 0) {